How Password Managers Work - Computerphile

Computerphile

5 years ago

462,690 views

Comments:

FaRo - 13.09.2023 15:40

I just sync my KeePass file between devices via cloud, that takes care of the convenience part. And my phone undoes its one million times AES in a few seconds, so the argument of client vs. server power seems weird. I don't think it was that different 4 years ago.

David Hedges - 09.09.2023 20:22

Write them down ... is not as bad as it sounds...
It can't be broken, it can't be hacked, if it's outside the view of a webcam, then it's more secure ...

Κώστας Καραπαπαχατζηδιμιτρακόπουλος - 28.07.2023 00:09

how does spiderman know so much about passwords ?

Marc Panther - 29.06.2023 20:48

Why the hassle of doing "H(vault_key | password)" for the authentication part? Can't the server just provide the blob for anyone that requests it, since the assumption is that nobody without the master password can decrypt the blob anyway?

sure fine whatever - 14.06.2023 23:00

more important: have I been pawned?

Klipk - 29.04.2023 14:27

terrible terrible video

S Row - 05.01.2023 01:45

I'd never store my SSN, I don't care how secure they are.

eta0carinae - 24.12.2022 14:05

LastPass has just been cracked, with all of the vaults stolen. Please, don't use it, or just any online password manager for that matter. If you use it, change all of your passwords now.

Mercenary EX - 21.12.2022 01:58

Help! For what master password entropy should I aim, if I use AES256 to encrypt my database?? Is 128 bits enough or should I go for a 256 bit master password?

Is it true that a quantum computer can brute force a 256 bit master password with Grover's algorithm with a final strength of 2**256/2 combinations??

Jonah Branch - 17.11.2022 22:50

Y'all should do a video on the OPAQUE password authentication protocol!

Evan Yoohoo - 06.08.2022 17:45

Password managers should be hardware devices emulating a keyboard.

TON 618 - 26.07.2022 16:29

I have some methods. I already do this so it's pretty safe.

Method1: Map all the English alphabets to some unicode characters which you can remember. Basically you invent your own cipher. Then create some app/program in C++, Rust which can convert any English txt file to the unicode mapping txt file. Print it on some card and keep it in your purse.
Same can be written on paper. Only you can understand it.

Method2: Put all your secret stuff in a file. Encrypt it using some program or your own custom program. Keep the program binary in private GitHub repo. Deny all outbound connections in your machine. Keep the encrypted txt file anywhere you like, can be Gmail.

It takes some effort to protect valuable things. Don't go for easy options.

Bonnie Munene - 18.07.2022 01:55

A password manager sits above all browsers that may have stored different passwords for you.
It also sits above all devices that you may have, for example between operating systems, PC and mobile devices.

septerra7 - 04.07.2022 18:51

has a 2 meter whiteboard.
writes on a small corner of a piece of paper.

Rakib Mamun Joarder - 19.03.2022 05:06

I am using DroidPass Password Manager for 2+ years already. I no longer have to memorize lots of different passwords and usernames. Plus the unique passwords make everything so much more secure. Highly recommend!

Rifqi gg Krinyol - 02.02.2022 06:14

Hello sir, my name is Rifqi, I come from Indonesia.
Sir, can you help me or give me instructions, how to make a database program, for Android mobile games, and I can see directly the database data of the game that is running on my Android, then I can see the data through my PC computer..
Please guide and share knowledge, sir..

josiah harder - 08.12.2021 03:06

Can someone tell me why it's okay to send your hashed password over the internet? If the server requires my hashed password to give me the vault key couldn't anyone intercept that hash and copy it and use it also?

NA - 25.11.2021 01:03

Choose a password manager that supports security keys like Yubikey. That way an attacker not only has to guess your master password, they also need your physical key to authenticate.

FennecTECH - 15.11.2021 03:26

1Password doesn't even derive the vault key from the password.

Reedy777 - 10.11.2021 15:37

So what happens when you have a corrupt authoritarian government who has implemented keyloggers at the OS level, embedded DRM reporting and hardware based device ID?

Joker Shuffle - 01.11.2021 23:49

All these Password Managers were far too complex for most of my family, who didn't understand many of the features and just wanted something they could use easily. My Password Book for iOS devices was ideal and did not require any third party registration.

Alessandro Segreto - 12.10.2021 18:26

what is the best pw manager?

Sebastian M - 03.08.2021 13:28

"Not password1, goodness!"

He is so British :'D delightful

Jishnu Chatterjee - 28.07.2021 09:48

❤🧡💛💚💙💜🤎🖤💖💗💓💞💕❣💔💚🤍💘💝💟

Robert Weber - 19.07.2021 17:50

Left handed genius!

AboveEmAllProduction - 18.07.2021 20:20

Just use 123password instead, ez

Mez - 06.07.2021 02:35

On 1Password, if my private key is used to decrypt my Vault Key, is it also signed by 1Password’s Public Key?

Aaron - 06.06.2021 19:09

Does your vault become encrypted again if you're still logged in to the vault?

Stefano L - 06.06.2021 12:30

The only reasons I still taken in use a password manager I don't know how to

DruffilaX - 15.05.2021 09:48

I love this man and I love how ambitious he is about IT things

John Clarke - 15.05.2021 04:52

hashing, iterations, primary identifiers, Hmack, encrypted vault, vault key, 250 bit AF key? a dozen confusing words in the first 5 minutes, too many computerspeak words to look up to understand, HELP!

Mattias W. - 10.05.2021 10:08

One good strategy for remembering hundreds of different long passwords is to use mnemonics. Even if not perfect in any part it should definitively be one of the strategies mentioned.

Brian D'Souza - 09.05.2021 13:14

But how does the server know that the authentication key is correct? Since it is hashed so many times. Also the authentication key must change on every login if I'm not wrong then how does it verify if it's the correct authentication key? The password manager I'm talking about is Bitwarden.

Windows Portable Apps - 29.04.2021 16:58

Almost all password managers available out there are not really password managers, they are Note managers!

People should really start using a real password manager like "Multi One Password" that stores passwords neither locally in the users' computers nor in the cloud!

Synchro-Dentally - 28.04.2021 21:12

What if the fields (with the exception of the passwords themselves) in the manager are not fully understandable? For example, instead of saying "Amazon" using a different association such as "JB's junk".

NVR - 27.04.2021 16:59

Bitwarden is the best

ethernet - 23.04.2021 05:48

I have an awesome Mosta Posswuhhhd

Aeroscience - 17.04.2021 18:46

PASS : the standard Unix password manager

Jardani Jonovich - 14.04.2021 14:07

We need a video on double verification

DiamondDemon - 15.03.2021 00:25

Please please don't use conventional password managers
if you can code, just make your own

surferdjnj - 21.02.2021 04:53

I have to say, I disagree with him about his assumptions regarding the "Business model" of the companies and how it pays for them to be honest. What if, say, a State actor sponsored a company like this to be stood up, covertly, for the purposes of seeing who used the service in the first place. Rich, important people. Then cherry picked the ones to hack, for the purposes of taking control of a device or service for intelligence, not extracting money?

ytpSG - 18.02.2021 01:57

Is the automatic login from Google Chrome or Samsung phones also some sort of password manager or do they use different (less secure?!) methods and are not advisable?

Aaron Nautel - 09.02.2021 05:27

@Computerphile Based on your professional opinion, which password manager is best? Free or paid doesn't matter.

Aaron - 09.02.2021 01:18

So does leaving your vault open keep your password exposed?

Noor Alam - 29.01.2021 10:00

reallygoodpasswordwithout1or2or3or4inorderinit

Noor Alam - 29.01.2021 08:26

What if



iloveyoukate is Mike Pound's password
